- Introduction to the Service resource
- A: How the Service resource works
- Using Services
- A: Service fields
- B: Basic use of ClusterIP
- C: Basic use of NodePort
- D: LoadBalancer and ExternalName
- E: Headless Services
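♣ 1: Introduction to the Service resource
A: How the Service resource works:
The Kubernetes Service resource:
Across the nodes of a k8s cluster, pods are the smallest objects, and they are the components that actually provide the service. When we need to reach them from outside, the access endpoints offered by the individual pods are not consistent, so we need to define a fixed access endpoint. This endpoint is an intermediate layer that sits above the pods and below the controllers, and it is called a Service. A Service depends strictly on an important k8s component, CoreDNS (newer versions) or kube-dns (older versions, before 1.11), so CoreDNS or kube-dns must be deployed when we deploy the cluster.
To provide networking to clients, Kubernetes relies on third-party solutions. In newer versions, any third-party solution that follows CNI (the standard interface for container network plugins) can be plugged in, for example flannel, which we use here.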
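The three kinds of IP address in Kubernetes:
1: node network
2: pod network
Node and pod addresses actually exist and are configured.
3: cluster addresses, also called Service addresses. These are virtual addresses (virtual IPs): they do not appear on any interface and exist only in the Service rules.
A kube-proxy component runs on every node. It monitors changes to Service resources in real time, using kube-proxy's built-in watch request mechanism. Whenever a Service resource changes, kube-proxy converts the change into rules on the current node that carry out the Service's scheduling (these may be iptables or ipvs rules, depending on how Services are implemented).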
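Services are implemented in k8s using one of three models:
1: userspace
A user's request first reaches the Service, which redirects it to kube-proxy, a user-space process listening on a socket. After kube-proxy has processed the request, it hands it back to the Service, which proxies it to the pods associated with this Service, and that is how scheduling is done.
This model is inefficient: the user's request has to pass from the Service, which works in the kernel, to the user-space kube-proxy on each "host"; kube-proxy wraps it as a request message and sends it back to the Service in kernel space, and the Service rules then schedule it to the pods.
2: iptables:
The user's request goes directly to the Service IP. It is intercepted by the Service working in the local kernel space and scheduled directly to the associated pods; all of this scheduling is done with iptables rules.
3: ipvs:
Same as iptables, except that the rules are ipvs rules.
The mode that k8s is configured to work in determines which kind of rules are generated. Before 1.1 the default was userspace; 1.11 uses ipvs by default, and if ipvs is not enabled it falls back to iptables.
When pods in the cluster change, the information is reflected on the API server immediately, because the change is stored directly in the API server's etcd. The change also immediately triggers kube-proxy, which converts it for the Service resource into iptables or ipvs rules. These conversions are dynamic and happen in real time.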
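To make the iptables model above concrete, the following added example (not from the original post) resolves a Service's virtual IP to its pod backends by walking NAT rules. It assumes kube-proxy's usual chain layout in iptables mode (KUBE-SERVICES, KUBE-SVC-*, KUBE-SEP-*); the rule excerpt is simplified and constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpt shaped like `iptables-save -t nat` output on a node where
# kube-proxy runs in iptables mode. Addresses and chain suffixes are made up.
NAT_RULES = """\
-A KUBE-SERVICES -d 10.99.0.10/32 -p tcp -m tcp --dport 80 -j KUBE-SVC-WEB
-A KUBE-SERVICES -d 10.99.0.11/32 -p tcp -m tcp --dport 5432 -j KUBE-SVC-DB
-A KUBE-SVC-WEB -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-WEB1
-A KUBE-SVC-WEB -j KUBE-SEP-WEB2
-A KUBE-SVC-DB -j KUBE-SEP-DB1
-A KUBE-SEP-WEB1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-WEB2 -p tcp -m tcp -j DNAT --to-destination 10.244.2.7:8080
-A KUBE-SEP-DB1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.9:5432
"""


def parse_chains(text):
    """Group rule bodies by the chain they are appended to (-A CHAIN ...)."""
    chains = {}
    for line in text.splitlines():
        m = re.match(r"-A (\S+) (.+)", line)
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    return chains


def backends_for(text, cluster_ip, port):
    """Follow KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-* and return pod ip:port targets."""
    chains = parse_chains(text)
    found, seen = [], set()
    def walk(chain):
        if chain in seen:          # guard against jump loops in malformed input
            return
        seen.add(chain)
        for body in chains.get(chain, []):
            dnat = re.search(r"-j DNAT --to-destination (\S+)", body)
            jump = re.search(r"-j (KUBE-\S+)", body)
            if dnat:
                found.append(dnat.group(1))
            elif jump:
                walk(jump.group(1))
    for body in chains.get("KUBE-SERVICES", []):
        if re.search(rf"-d {re.escape(cluster_ip)}/32 .*--dport {port}\b", body):
            walk(re.search(r"-j (\S+)", body).group(1))
    return found


if __name__ == "__main__":
    print(backends_for(NAT_RULES, "10.99.0.10", 80))
```

The cluster IP never appears on an interface here; it exists only as a match in the KUBE-SERVICES chain, which is why the lookup starts there.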
♣ 2: Using Services:
A: Service fields:
```
[root@www kubeadm]# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   77m
```

When the cluster was initialized, a Service named kubernetes was already created for us. This resource is important: it maintains the link between our Services and the cluster nodes, and 10.96.0.1 is an address that faces the inside of the cluster.

A Service also has five top-level fields:

```
[root@www kubeadm]# kubectl explain svc
KIND:     Service
VERSION:  v1

DESCRIPTION:
     Service is a named abstraction of software service (for example, mysql)
     consisting of local port (for example 3306) that the proxy listens on, and
     the selector that determines which pods will answer requests sent through
     the proxy.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata     <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec <Object>
     Spec defines the behavior of a service.
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

   status       <Object>
     Most recently observed status of the service. Populated by the system.
     Read-only. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
```

ports associates a Service port with a port on the backend containers:

```
[root@www kubeadm]# kubectl explain svc.spec.ports
KIND:     Service
VERSION:  v1

RESOURCE: ports <[]Object>

DESCRIPTION:
     The list of ports that are exposed by this service. More info:
     https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

     ServicePort contains information on service's port.

FIELDS:
   name <string>
     The name of this port within the service. This must be a DNS_LABEL. All
     ports within a ServiceSpec must have unique names. This maps to the 'Name'
     field in EndpointPort objects. Optional if only one ServicePort is defined
     on this service.

   nodePort     <integer>
     The port on each node on which this service is exposed when type=NodePort
     or LoadBalancer. Usually assigned by the system. If specified, it will be
     allocated to the service if unused or else creation of the service will
     fail. Default is to auto-allocate a port if the ServiceType of this Service
     requires one. More info:
     https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

   port <integer> -required-
     The port that will be exposed by this service.

   protocol     <string>
     The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default
     is TCP.

   targetPort   <string>
     Number or name of the port to access on the pods targeted by the service.
     Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If
     this is a string, it will be looked up as a named port in the target Pod's
     container ports. If this is not specified, the value of the 'port' field is
     used (an identity map). This field is ignored for services with
     clusterIP=None, and should be omitted or set equal to the 'port' field.
     More info:
     https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
```

In this output, port is the Service's port, nodePort is the port on the node, and targetPort is the port on the pods.

selector decides which pods the Service is associated with:

```
[root@www kubeadm]# kubectl explain svc.spec.selector
KIND:     Service
VERSION:  v1

FIELD:    selector <map[string]string>

DESCRIPTION:
     Route service traffic to pods with label keys and values matching this
     selector. If empty or not present, the service is assumed to have an
     external process managing its endpoints, which Kubernetes will not modify.
     Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if
     type is ExternalName. More info:
     https://kubernetes.io/docs/concepts/services-networking/service/
```

spec.clusterIP specifies a fixed IP; it cannot be changed after the Service is created.

type is the Service type:

```
[root@www kubeadm]# kubectl explain svc.spec.type
KIND:     Service
VERSION:  v1

FIELD:    type <string>

DESCRIPTION:
     type determines how the Service is exposed. Defaults to ClusterIP. Valid
     options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
     "ExternalName" maps to the specified externalName. "ClusterIP" allocates a
     cluster-internal IP address for load-balancing to endpoints. Endpoints are
     determined by the selector or if that is not specified, by manual
     construction of an Endpoints object. If clusterIP is "None", no virtual IP
     is allocated and the endpoints are published as a set of endpoints rather
     than a stable IP. "NodePort" builds on ClusterIP and allocates a port on
     every node which routes to the clusterIP. "LoadBalancer" builds on NodePort
     and creates an external load-balancer (if supported in the current cloud)
     which routes to the clusterIP. More info:
     https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
```
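The field semantics above (type, selector, clusterIP and the three port fields) decide how far a Service is exposed, so they are worth checking across a cluster. The following is an added example, not code from the original post: it applies those rules to a constructed Service list shaped like `kubectl get svc -o json` output, and the Service names, addresses and finding labels are hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get svc -o json`; all names and values are made up.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "web"},
  "spec": {"type": "NodePort", "clusterIP": "10.99.0.10", "selector": {"app": "web"},
           "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30080}]}},
 {"metadata": {"name": "db"},
  "spec": {"clusterIP": "10.99.0.11", "selector": {"app": "db"},
           "ports": [{"port": 5432}]}},
 {"metadata": {"name": "legacy"},
  "spec": {"type": "ClusterIP", "clusterIP": "10.99.0.12",
           "ports": [{"port": 9000, "targetPort": "api"}]}},
 {"metadata": {"name": "peers"},
  "spec": {"clusterIP": "None", "selector": {"app": "peers"},
           "ports": [{"port": 7000, "targetPort": 7001}]}}
]}
""")

EXPOSED_TYPES = {"NodePort", "LoadBalancer"}  # both open a port on every node

def audit_service(svc):
    """Return (name, type, [(port, targetPort, nodePort)], findings) for one Service."""
    spec = svc["spec"]
    svc_type = spec.get("type", "ClusterIP")      # type defaults to ClusterIP
    headless = spec.get("clusterIP") == "None"    # no virtual IP is allocated
    mappings = []
    for p in spec.get("ports", []):
        # targetPort defaults to port, and is ignored when clusterIP is None
        target = p["port"] if headless else p.get("targetPort", p["port"])
        mappings.append((p["port"], target, p.get("nodePort")))
    findings = []
    if svc_type in EXPOSED_TYPES:
        findings.append("exposed-on-every-node")
    if headless:
        findings.append("headless")
    if svc_type != "ExternalName" and not spec.get("selector"):
        findings.append("no-selector-endpoints-managed-externally")
    return svc["metadata"]["name"], svc_type, mappings, findings

def audit(service_list):
    return [audit_service(s) for s in service_list["items"]]

if __name__ == "__main__":
    for name, svc_type, mappings, findings in audit(SAMPLE):
        print(name, svc_type, mappings, findings or ["cluster-internal"])
```

A Service without a selector deserves a second look because its Endpoints object is maintained by hand or by an external process, so where its traffic goes is not tied to pod labels.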